SUSE Linux has released critical and moderate security updates for various components, including `erlang26`, `erlang`, and `govulncheck-vulndb`, to address vulnerabilities.
- Release Date: April 22, 2025
- Severity: Critical
- CVE References:
- CVE-2025-30211: Excessive memory usage due to KEX init error
- CVE-2025-32433: Unauthenticated remote code execution in Erlang/OTP SSH
- Affected Products:
- openSUSE Leap 15.3, 15.6
- SUSE Linux Enterprise Server for SAP Applications 15 SP6, among others.
- Patch Installation: Recommended methods include YaST online update or using `zypper patch`.
2. Erlang Security Update (SUSE-SU-2025:1357-1)
- Release Date: April 22, 2025
- Severity: Critical
- CVE Reference:
- CVE-2025-32433: Same vulnerability as above, fixed for the broader Erlang package.
- Affected Products: Similar to the above, including various SUSE Linux Enterprise Server versions and SUSE Manager products.
- Patch Installation: Similar patch installation instructions as above.
3. Govulncheck-VulnDB Security Update (SUSE-SU-2025:1359-1)
- Release Date: April 22, 2025
- Severity: Moderate
- Description: Updated to new versions to include fixes for additional vulnerabilities.
- Affected Products: openSUSE Leap 15.6 and SUSE Linux Enterprise products.
- Patch Installation: As with previous updates, use YaST or `zypper`.
To ensure a secure environment, users should regularly check for updates and stay informed about new vulnerabilities and patches released by SUSE. This proactive approach will help mitigate potential security risks associated with outdated software components.
For further information, you can refer to the official SUSE security advisories linked within each section of the update announcement
Updates Overview:
1. Erlang26 Security Update (SUSE-SU-2025:1356-1)- Release Date: April 22, 2025
- Severity: Critical
- CVE References:
- CVE-2025-30211: Excessive memory usage due to KEX init error
- CVE-2025-32433: Unauthenticated remote code execution in Erlang/OTP SSH
- Affected Products:
- openSUSE Leap 15.3, 15.6
- SUSE Linux Enterprise Server for SAP Applications 15 SP6, among others.
- Patch Installation: Recommended methods include YaST online update or using `zypper patch`.
2. Erlang Security Update (SUSE-SU-2025:1357-1)
- Release Date: April 22, 2025
- Severity: Critical
- CVE Reference:
- CVE-2025-32433: Same vulnerability as above, fixed for the broader Erlang package.
- Affected Products: Similar to the above, including various SUSE Linux Enterprise Server versions and SUSE Manager products.
- Patch Installation: Similar patch installation instructions as above.
3. Govulncheck-VulnDB Security Update (SUSE-SU-2025:1359-1)
- Release Date: April 22, 2025
- Severity: Moderate
- Description: Updated to new versions to include fixes for additional vulnerabilities.
- Affected Products: openSUSE Leap 15.6 and SUSE Linux Enterprise products.
- Patch Installation: As with previous updates, use YaST or `zypper`.
Additional Information:
The updates are crucial for maintaining the security and stability of affected SUSE Linux environments, addressing severe vulnerabilities that could lead to unauthorized access and system compromise. Users are encouraged to apply these updates promptly following the provided installation instructions.To ensure a secure environment, users should regularly check for updates and stay informed about new vulnerabilities and patches released by SUSE. This proactive approach will help mitigate potential security risks associated with outdated software components.
For further information, you can refer to the official SUSE security advisories linked within each section of the update announcement
Erlang and Govulncheck-VulnDB updates for SUSE
SUSE Linux has been updated with security enhancements for erlang26, erlang, and govulncheck-vulndb:
SUSE-SU-2025:1356-1: critical: Security update for erlang26
SUSE-SU-2025:1357-1: critical: Security update for erlang
SUSE-SU-2025:1359-1: moderate: Security update for govulncheck-vulndbErlang and Govulncheck-VulnDB updates for SUSE @ Linux Compatible
